[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fuzzing
Subject:    Re: [fuzzing] Windows screensaver lock and lecturing
From:       Thierry Zoller <Thierry () Zoller ! lu>
Date:       2007-08-31 20:21:41
Message-ID: 317444679.20070831222141 () Zoller ! lu
[Download RAW message or body]

Dear Gadi,
You should really reply to emails ;)

This is a typical "Send F1 to all open Windows" attack, I use it to
get System privs on broken drivers, F1 ist Help, if no HLP file is
referenced it will pop up a File Open dialog (*.hlp), browse to cmd.exe and
voila.

Now I don't know why this happens while unlocking the screen.

GE> I was giving a lecture at NPS yesterday, and while I was unlocking my laptop
GE> (XP), suddently, before unlocked, a File Open window pops up. I could browse,
GE> and more importantly, open files. The first choice of the system was .hlp.

GE> Can someone say pwnage? Anyone up to doing some monkey fuzzing on that
GE> interface?

GE>         Gadi.
GE> _______________________________________________
GE> fuzzing mailing list
GE> fuzzing@whitestar.linuxbox.org
GE> http://www.whitestar.linuxbox.org/mailman/listinfo/fuzzing



-- 
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45  2E57 28B3 75DD 0AC6 F1C7

_______________________________________________
fuzzing mailing list
fuzzing@whitestar.linuxbox.org
http://www.whitestar.linuxbox.org/mailman/listinfo/fuzzing
[prev in list] [next in list] [prev in thread] [next in thread]